<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>[DEPRECATED] Per-user outbound restrictions</title>
        <link rel="stylesheet" type="text/css" href="./css/markdown.css" />
    </head>
    <body>

    <div id="navigation">
    <a href="https://www.iredmail.org" target="_blank">
        <img alt="iRedMail web site"
             src="./images/logo-iredmail.png"
             style="vertical-align: middle; height: 30px;"
             />&nbsp;
        <span>iRedMail</span>
    </a>
    &nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="deprecated-per-user-outbound-restrictions">[DEPRECATED] Per-user outbound restrictions</h1>
<div class="admonition warning">
<p class="admonition-title">DEPRECATED</p>
<p><strong>WARNING: THIS DOCUMENT IS <em>DEPRECATED</em>, PLEASE use per-user
white/blacklists instead, <a href="./manage.iredapd.html">doc here</a>.</strong></p>
</div>
<h2 id="sql-backends">SQL backends</h2>
<p>iRedAPD (a simple Postfix policy server developed by iRedMail team) provides
plugin <code>sql_user_restrictions</code> for per-user inbound/outbound restrictions.</p>
<p>Please make sure plugin <code>sql_user_restrictions</code> is enabled in iRedAPD config
file <code>/opt/iredapd/settings.py</code> like below:</p>
<pre><code class="language-python"># Part of file: /opt/iredapd/settings.py

plugins = [..., 'sql_user_restrictions']
</code></pre>
<p>Restarting iRedAPD service is required if you modified <code>/opt/iredapd/settings.py</code>.</p>
<p>You can store allowed or disallowed recipient in 2 SQL columns in <code>vmail</code> database:</p>
<ul>
<li><code>mailbox.rejectedrecipients</code>: disallow user to send email to listed recipients.</li>
<li><code>mailbox.allowedrecipients</code>: allow user to send email to listed recipients.</li>
</ul>
<p>Valid sender/recipient formats are:</p>
<ul>
<li><code>@.</code>: all addresses (user, domain, sub-domain). Be careful: There's a dot after <code>@</code>.</li>
<li><code>@domain.com</code>: entire domain.</li>
<li><code>@.domain.com</code>: entire domain and all its sub-domains. Be careful: There's a dot after <code>@</code>.</li>
<li><code>user@domain.com</code>:  single email address</li>
<li>empty value means no restriction.</li>
</ul>
<p>NOTE: Multiple recipients must be separated by comma (<code>,</code>).</p>
<p>Sample usage:</p>
<ul>
<li>allow local mail user <code>user@example.com</code> to send to domain (<code>example.com</code>)
  and <code>gmail.com</code>, but not others.</li>
</ul>
<pre><code class="language-sql">sql&gt; USE vmail;
sql&gt; UPDATE mailbox
     SET
         rejectedrecipients='@.',
         allowedrecipients='@example.com,@gmail.com'
     WHERE
          username='user@example.com';
</code></pre>
<h2 id="openldap-backend-special">OpenLDAP backend special</h2>
<p>OpenLDAP backend requires iRedAPD plugin <code>ldap_amavisd_block_blacklisted_senders</code>.</p>
<ul>
<li>
<p>If you have iRedAdmin-Pro, you can manage this restriction in user profile page.</p>
</li>
<li>
<p>If you don't have iRedAdmin-Pro, you can manage it with phpLDAPadmin or other
  LDAP management tools. Related LDAP attributes are:</p>
<ul>
<li><code>mailWhitelistRecipient</code>: same as SQL <code>mailbox.allowedrecipients</code></li>
<li><code>mailBlacklistRecipient</code>: same as <code>mailbox.rejectedrecipients</code></li>
</ul>
</li>
</ul>
<p>Values for these LDAP attributes use the same format as mentioned above.</p>
<p>Note: multiple recipients must be stored in multiple attributes like below:</p>
<pre><code>mailWhitelistRecipient: @example.com
mailWhitelistRecipient: @gmail.com
mailWhitelistRecipient: @iredmail.org
</code></pre><div class="footer">
    <p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>